Dark Reading

Threat Intelligence

1/22/2021
10:00 AM
Marc Wilczek
Commentary

Why North Korea Excels in Cybercrime

North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.

Although the US and the United Nations have levied sanctions meant to cut off the illegal financing of nuclear weapons, North Korea is proving adept at sidestepping them, and it is remarkably proficient at cybercrime. While other countries try to hammer out common cybersecurity protocols, North Korea has rapidly grown its cyber capabilities, both domestically and abroad. As a result, despite ever-tightening sanctions, the regime keeps finding exploitable weaknesses in networks around the world and launching cyberattacks, typically through the hacking teams tracked as Hidden Cobra or Lazarus Group, to steal or extort money for its banned nuclear weapons development program.


In 2017, the US Department of Homeland Security and the FBI published a rare joint cybersecurity bulletin that linked North Korea to several attacks on US businesses and critical infrastructure. The alert concerned a piece of malware dubbed DeltaCharlie, which DHS and the FBI said the North Korean government used to build botnet infrastructure for distributed denial-of-service (DDoS) attacks. In attacks of this kind, compromised machines under the operator's control flood a target with junk traffic to knock websites, applications, and other IT infrastructure offline for hours, days, or weeks.

The cybercrime market's size and the scarcity of effective protection continue to be a mouth-watering lure for North Korean cyber groups. The country's cyber operations carry little risk, don't cost much, and can produce lucrative results. Nam Jae-joon, the former director of South Korea's National Intelligence Service, reports that Kim Jong Un himself said that cyber capabilities are just as important as nuclear power and that "cyber warfare, along with nuclear weapons and missiles, is an 'all-purpose sword' that guarantees our [North Korea's] military's capability to strike relentlessly." 

Other reports note that in May 2020, North Korea recruited at least 100 top science and technology university graduates into its military forces to oversee tactical planning systems. Mirim College, dubbed the University of Automation, turns out approximately 100 hackers annually. Defectors have testified that its students learn to take apart Microsoft Windows operating systems, build malware, and write code in a variety of programming languages. The focus on Windows may help explain the infamous North Korean-led 2017 WannaCry ransomware attack, which wrought havoc on more than 300,000 computers across 150 countries by exploiting a flaw in the operating system's SMBv1 file-sharing protocol (the vulnerability patched in MS17-010) to spread from machine to machine without user interaction.

More recently, North Korea's state media confirmed the founding of a new science and technology university, likely associated with the country's cyberwarfare and weapons development program, as part of its Oct. 10 military parade. This suggests that ongoing investment of government funds is further strengthening the civil-military fusion, which is bound to exacerbate tensions on the Korean peninsula and international security concerns.

North Korea isn't acting alone. A US Army report estimates that North Korea employs roughly 6,000 cyber agents in four intelligence organizations across the globe. One of them is the infamous Lazarus Group, which is known to be the brains behind severe cyberattacks, including the 2017 WannaCry ransomware release. Among North Korea's few backers, China in particular can aid North Korea's illegal cyber activity through training and academic exchange. North Korean students often study at top Chinese institutions such as the Harbin Institute of Technology (HIT), where they can get acquainted with advanced technology unavailable in their home country because of US and UN sanctions.

The Chinese government continues to forge official academic relationships with military-affiliated North Korean academic institutions, partnerships which may form the basis for more cyberattacks. In November 2019, the Chinese Ministry of Education and the North Korean Chairman of the Education Commission jointly signed the China-North Korea Education and Cooperation Agreement (2020–2030) to buttress academic partnerships and postgraduate student exchanges.

Such joint government initiatives to expand foreign exchanges and postgraduate programs may lead to increased cybercrime, given what these universities tend to teach. There are already worries that Chinese universities are educating future North Korean nuclear scientists. The question remains how to stop these institutions from equipping North Korean cyber agents with the skills and capabilities they need to mount high-level cyberattacks against the US and other advanced economies. Kim Heung-kwang, a North Korean defector who for two decades was a professor of computer science at Hamheung Computer Technology University, has said he trained many of North Korea's first cyber experts before they departed for further education in China.

The US government continues to unearth new North Korean cyber groups that pose serious international security concerns and threaten US national interests. Even the pandemic isn't stopping North Korea from using its cyber capabilities, as China and Russia do, to target pharmaceutical firms researching COVID-19 vaccines and to siphon money from foreign countries' national COVID-19 relief funds.

However, there is still hope for the US and its global allies. The US Department of Justice can mandate cybersecurity audits for US banks and financial institutions as part of deferred prosecution agreements, to encourage compliance with the basic cybersecurity guidance published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Financial Action Task Force (FATF). In addition to tightening cybersecurity protocols and information sharing among banks and other financial institutions, the White House can collaborate with its allies on in-depth research into the locations of North Korean cyber centers. Vigilance is necessary, since seemingly legitimate businesses, hotels, and universities can all serve as innocuous-looking fronts that disguise North Korean state-sponsored cyber activity.

Although North Korea typically plays second fiddle to China and Russia as a cyber threat, the small country is dedicated to strategically building out its cyber capabilities and leveling the playing field with China and Russia. The US will benefit from coordinating with its allies to safeguard critical infrastructures, shared global interests, and international security. Protecting against potential cyberattacks is crucial, but disrupting the training and deployment of cyber agents is just as critical to limit the scope of North Korea's cyber activities.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...